Bug#558784: Isn't this a security problem?
I would consider this to be a critical issue as it could become a security
problem.
Let's assume an archive key is compromised. As an admin reading this on
some information channel (irc, twitter, lwn.net, whatever) I would just
remove the key as shown by Tollef.
Only by reading this bug report do I now know that this plainly would not
work. Instead apt-key will reenable this key given any chance.
That sounds to me like reenabling a root account or password authentication
for ssh style, something that should be up to the admin to decide. Having
a system override such a decision against me as the admin sounds like a
nightmare to me, something I would not accept from a trusted Debian system.
So, does this bug still apply?
Greetings, Torsten